On Sun, Apr 21, 2002 at 11:44:25AM +1000, Ian Cumming wrote:
> Anyway, if anyone is using limits.conf, could you please post your
> configuration with perhaps a little comment describing why you have
> chosen certain values, etc..

When I have set up limits, it's been to prevent runaway processes (like netscape... *ugh*) from eating up all the memory, triggering the kernel's kill-something-and-take-its-memory behaviour. It's not good when you leave netscape running and come back to find that sshd, inetd, and maybe init have been killed off...

For this purpose, I use soft limits set in /etc/profile. Limiting virtual memory for any single process to a bit less than the amount of RAM in the machine works for me. If you want to run something that actually needs more memory than you have RAM, you can bump up the limit, but it's rare for something to want more than you have RAM, but less than you have total. By cutting it off with RAM to spare, you stop the process from swapping out everything else and thrashing the system while you try to kill it.

BTW, it would be nice if you could set the locked memory limit to a few pages, then allow any process to lock memory, not just root. A few pages per proc * max procs isn't too bad, and it would allow gpg and other security software to get a locked page without having to suid root.

>
> Perhaps this information could be summarised and put into the security
> HOWTO?

Anyone who wants to do so can use my advice as given above verbatim or otherwise.

--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)

"The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BCE
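
The soft-limit approach described in the message above, written out as an /etc/profile fragment. This is an added example, not part of the original post or the poster's own configuration; the 10% headroom figure and the function names are assumptions.

```shell
# Added example, not from the original post. Works in bash and dash, whose
# ulimit -v counts KiB. HEADROOM_PCT and the function names are assumptions.
HEADROOM_PCT=10   # assumed value for "a bit less than the amount of RAM"

# Print MemTotal (KiB) from a meminfo-format file; fail if the field is absent.
mem_total_kib() {
    awk '$1 == "MemTotal:" { print $2; ok = 1; exit }
         END { if (!ok) exit 1 }' "${1:-/proc/meminfo}"
}

# RAM minus the headroom percentage, in KiB.
vm_limit_kib() {
    echo $(( $1 * (100 - ${2:-$HEADROOM_PCT}) / 100 ))
}

# Set the soft limit only, so a user can still raise it (up to the hard limit)
# for a job that really needs more. Never raises a soft limit that is already
# lower, and clamps to the hard limit, which an unprivileged shell cannot exceed.
apply_soft_vm_limit() {
    _want=$1
    _hard=$(ulimit -H -v)
    _cur=$(ulimit -S -v)
    if [ "$_hard" != unlimited ] && [ "$_want" -gt "$_hard" ]; then
        _want=$_hard
    fi
    if [ "$_cur" != unlimited ] && [ "$_cur" -le "$_want" ]; then
        return 0
    fi
    ulimit -S -v "$_want"
}

# Demo in a subshell so the calling shell is left untouched. In /etc/profile,
# drop the parentheses and the echo so the limit applies to the login shell.
( total=$(mem_total_kib) &&
  apply_soft_vm_limit "$(vm_limit_kib "$total")" &&
  echo "soft vm limit now: $(ulimit -S -v) KiB" ) || true
```

A user who needs more for one job can run `ulimit -S -v unlimited` (or a larger number) in that shell, provided the hard limit allows it.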

